First published: Mon Jul 03 2023
A vulnerability arises from a failure to comprehensively sanitize the processing of zip files. Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Enterprise Security Manager | <11.6.7 | |
CVE-2023-3314 is a vulnerability that arises from the failure to properly sanitize the processing of zip files, allowing an authorized user to execute arbitrary commands.
CVE-2023-3314 has a severity rating of 8.8, which is considered high.
Trellix Enterprise Security Manager version 11.6.7 is affected by CVE-2023-3314.
An attacker can exploit CVE-2023-3314 by using a specially crafted zip file to execute arbitrary commands.
Yes, it is recommended to update Trellix Enterprise Security Manager to a version that properly sanitizes zip file processing to mitigate CVE-2023-3314.